* MITKRB5-SA-2010-007 * CVE-2010-1324: An unauthenticated attacker can inject arbitrary content into an existing GSS connection that appears to be integrity protected from the legitimate peer under some circumstances * GSS applications may accept a PAC produced by an attacker as if it were signed by a KDC * CVE-2010-1323: attackers have a 1/256 chance of being able to produce krb_safe messages that appear to be from legitimate remote sources. Other than use in KDC database copies this may not be a huge issue only because no one actually uses krb_safe messages. Similarly, an attacker can force clients to display challenge/response values of the attacker's choice. * CVE-2010-4020: An attacker may be able to generate what is accepted as a ad-signedpath or ad-kdc-issued checksum with 1/256 probability * New Vietnamese debconf translations, Thanks Clytie Siddall, Closes: #601533 * Update standards version to 3.9.1 (no changes required